| |SEPTEMBER 202419CIOReviewtechnical cost against the company's long-range business plan, known as Long Range Planning (LRP). If the two do not line up, the cyber security leader needs to go back to the drawing board and find a plan B. In fact, he or she should always have a plan A, B, and possibly C to ensure the business that due diligence was done. In the cyber world it's not just about technology it is also about cost, and both need to be weighed while building the cyber strategy and roadmap. The cyber strategy is not just about securing the data, it is also about data privacy and meeting the current and future cyber needs of the business. This will require the cyber security leader to have extensive knowledge of the current cyber landscape and what is potentially coming. This ultimately requires the cyber security leader to be reactive and proactive.In my second point, good communication skills are essential in any role in life but are highly needed in a senior leadership role. Learning the preferred communication style and method for each senior leader is crucial to effective leadership. Also, learning what the key business motivators are will help the cyber leader determine if his or her strategy and roadmap are in alignment with the goals of senior leadership. Often, I see cybersecurity professionals who are focused on technology and miss the business side. This puts the cyber security leader at odds with his leadership. If all are not aligned, getting funding for the cyber security program becomes even more challenging. Each leader tends to have a topic or priority specific to their role, the cyber security leader should learn this and determine if his or her cyber strategy has any synergies. If it does, great, point it out in the presentation. If it does not, re-evaluate the cyber strategy and see if the senior leaders' priorities can be added to the strategy. In learning the communication style of the senior leader, the cyber security leader can focus finetune his or her presentation. In my experience, some people like visual presentations such as power points. Some people like a lot of detail in a formal setting. Some people prefer to just have a fluid conversation in a comfortable atmosphere. Most like a pre-read of the material a least a day before. Whatever the style or method, the cyber security leader needs to learn it. I think that my points can and should be followed in any leadership position, but cyber professionals are different bread. A good cyber security professional needs to be detailed oriented and have extensive knowledge in all areas of IT, criminal law, insurance and risk, data privacy, finance, regulations & compliance, and physiology concerning crime. People with that type of knowledge tend to be very logical and analytical, lots of times a little lite on people skills. In my opinion, social skills tend to be something we (cyber professionals) have to work on. If the cyber security leader learns how his leadership and peers prefer to communicate and takes the time to learn the company's LRP, he or she will be able to acquire the necessary funding for their security initiatives. In my opinion, there are two primary reasons why. First, the cyber security leader fails to effectively communicate with their senior leadership. Secondly, the cyber security leader fails to effectively explain the business need
< Page 9 | Page 11 >